Vosteran Removal?



LHutton
January 11th, 2015, 08:53 AM
Okay so this browser hijacker has made its way onto my PC, how do I get rid of it from Chrome please?

Windows 7 Home Premium
Dell XPS 8100
Chrome browser

I've done a MalwareBytes scan and removed 3 vosteran objects but the hijacking problem persists on at least 2 forums but seems absent when on this forum and several others.

thesameguy
January 11th, 2015, 09:26 AM
Never run into that one, but I would give adwcleaner a go.

LHutton
January 11th, 2015, 09:48 AM
Never run into that one, but I would give adwcleaner a go.
Cheers. Do you have a trustworthy download source you can steer me to?

LHutton
January 11th, 2015, 01:01 PM
Okay, solved it. For future reference to anyone who gets affected:

EDIT: **I would only follow the first 3 steps in the linked advice below as the 4th one had unintended consequences, deleting a key from admin/local that left my computer blind to its internet connection, which I had to fix with a System Restore.**

http://malwaretips.com/blogs/remove-vosteran-search/

A sticky thread for these solutions might also be a good idea.

Rare White Ape
January 11th, 2015, 11:31 PM
I've seen a few Chrome hijacks in the last couple of months. I thought Chrome was solid but I guess not.

But of what I've seen, it was two things, and both were allowed in as one of those very convenient extras as part of the Next clicking process when you get a program from the likes of cnet.

thesameguy
January 12th, 2015, 09:38 AM
Chrome has benefitted from some degree of relative obscurity, just like OSX. Everything is hackable - it's just a matter of how much time people are investing in them.

LHutton
January 13th, 2015, 06:34 AM
Chrome has benefitted from some degree of relative obscurity, just like OSX. Everything is hackable - it's just a matter of how much time parasites are investing in them.
Small fix.

thesameguy
January 13th, 2015, 08:39 AM
Generally, the people investing in hacks aren't really the parasites. It's the people that buy those hacks or the results of those hacks that are the parasites. ;)

Jacee
January 13th, 2015, 08:05 PM
Trustworthy.... download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/) by Xplode and save to your Desktop.

Step 1.
Double click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator (http://windows.microsoft.com/en-US/windows7/How-do-I-run-an-application-once-with-a-full-administrator-access-token).
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
Copy and paste the contents of that logfile in your next reply.
A copy of each logfile is saved in the C:\AdwCleaner folder which was created when running the tool.

Step 2.
Using AdwCleaner v3: Scan & Clean:

This time click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).

Copy and paste the contents of that logfile in your next reply.
A copy of that logfile will also be saved in the C:\AdwCleaner folder

******Post both .txt logs

I would like to see both logs, please.

Vosteran is a 'search' browser hijack.

overpowered
January 13th, 2015, 08:29 PM
Thanks. I didn't have this one but I recently got sloppy with an old version of Java and had Yahoo take over all my browsers. It seemed to be the only thing that was found. I'm usually very careful about that stuff.

LHutton
January 14th, 2015, 07:50 AM
Jacee, thanks but I think it's fixed now, here goes anyway:

SCAN

# AdwCleaner v4.107 - Report created 11/01/2015 at 20:35:53
# Updated 07/01/2015 by Xplode
# Database : 2015-01-11.2 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Admin - ADMIN-PC
# Running from : C:\Users\Admin\Desktop\adwcleaner_4.107.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17420


-\\ Google Chrome v39.0.2171.71

[C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [7276 octets] - [11/01/2015 19:29:13]
AdwCleaner[R1].txt - [811 octets] - [11/01/2015 20:35:53]
AdwCleaner[S0].txt - [7475 octets] - [11/01/2015 19:36:51]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [930 octets] ##########
# AdwCleaner v4.107 - Report created 14/01/2015 at 16:41:42
# Updated 07/01/2015 by Xplode
# Database : 2015-01-13.2 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Admin - ADMIN-PC
# Running from : C:\Users\Admin\Desktop\adwcleaner_4.107.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Google Chrome v39.0.2171.95


*************************

AdwCleaner[R0].txt - [7276 octets] - [11/01/2015 19:29:13]
AdwCleaner[R1].txt - [1681 octets] - [11/01/2015 20:35:53]
AdwCleaner[S0].txt - [7475 octets] - [11/01/2015 19:36:51]
AdwCleaner[S1].txt - [1072 octets] - [11/01/2015 20:37:36]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [1861 octets] ##########


CLEAN

# AdwCleaner v4.107 - Report created 11/01/2015 at 20:37:36
# Updated 07/01/2015 by Xplode
# Database : 2015-01-11.2 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Admin - ADMIN-PC
# Running from : C:\Users\Admin\Desktop\adwcleaner_4.107.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17420


-\\ Google Chrome v39.0.2171.71

[C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [7276 octets] - [11/01/2015 19:29:13]
AdwCleaner[R1].txt - [1009 octets] - [11/01/2015 20:35:53]
AdwCleaner[S0].txt - [7475 octets] - [11/01/2015 19:36:51]
AdwCleaner[S1].txt - [934 octets] - [11/01/2015 20:37:36]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [993 octets] ##########
# AdwCleaner v4.107 - Report created 14/01/2015 at 16:53:33
# Updated 07/01/2015 by Xplode
# Database : 2015-01-13.2 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Admin - ADMIN-PC
# Running from : C:\Users\Admin\Desktop\adwcleaner_4.107.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Google Chrome v39.0.2171.95


*************************

AdwCleaner[R0].txt - [7276 octets] - [11/01/2015 19:29:13]
AdwCleaner[R1].txt - [1941 octets] - [11/01/2015 20:35:53]
AdwCleaner[R2].txt - [990 octets] - [14/01/2015 16:51:27]
AdwCleaner[S0].txt - [7475 octets] - [11/01/2015 19:36:51]
AdwCleaner[S1].txt - [1924 octets] - [11/01/2015 20:37:36]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1984 octets] ##########

What is "hxxp://uk.ask.com/web?q={searchTerms}"?
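
Added example, not part of the original thread and not AdwCleaner's own code: a small Python parser for the report layout shown in the logs above, which lists each finding and checks that everything a Scan report found is marked Deleted in the following Clean report. The function names `parse_report` and `leftover` are hypothetical, and the sample text is constructed from lines in the posted logs.

```python
import re

# Constructed sample, modelled on the scan and clean reports posted above.
SCAN = r"""# AdwCleaner v4.107 - Report created 11/01/2015 at 20:35:53
# Option : Scan

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Google Chrome v39.0.2171.71

[C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}

*************************
"""
# The posted clean report spells the same file "Web Data", so paths are compared case-insensitively.
CLEAN = (SCAN.replace("Option : Scan", "Option : Clean")
             .replace("- Found [", "- Deleted [").replace("Web data", "Web Data"))

SECTION = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")   # ***** [ Browsers ] *****
BROWSER = re.compile(r"^-\\\\ (.+)$")                 # -\\ Google Chrome v39...
ENTRY = re.compile(r"^\[(.+?)\] - (Found|Deleted) \[(.+?)\] : (.+)$")

def parse_report(text):
    """Return (option, findings); each finding is a dict describing one entry line."""
    option, section, browser, findings = None, None, None, []
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("# Option :"):
            option = line.split(":", 1)[1].strip()
        elif m := SECTION.match(line):
            section, browser = m.group(1), None
        elif m := BROWSER.match(line):
            browser = m.group(1)
        elif m := ENTRY.match(line):
            findings.append({"section": section, "browser": browser,
                             "path": m.group(1), "action": m.group(2),
                             "kind": m.group(3), "value": m.group(4)})
    return option, findings

def leftover(scan_text, clean_text):
    """Findings from the scan that the clean report does not list as Deleted."""
    _, found = parse_report(scan_text)
    _, cleaned = parse_report(clean_text)
    done = {(f["path"].lower(), f["kind"], f["value"])
            for f in cleaned if f["action"] == "Deleted"}
    return [f for f in found
            if (f["path"].lower(), f["kind"], f["value"]) not in done]
```

An empty list from `leftover` means every scanned item was reported as removed; a follow-up Scan report with no entry lines, like the ones dated 14/01/2015 above, parses to zero findings.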

LHutton
January 14th, 2015, 08:05 AM
Thanks. I didn't have this one but I recently got sloppy with an old version of Java and had Yahoo take over all my browsers. It seemed to be the only thing that was found. I'm usually very careful about that stuff.
Following that comment I just tried to update Java and it failed.

thesameguy
January 14th, 2015, 09:24 AM
I'd uninstall it and reinstall from a fresh download. It may or may not be related. The Java updater blows.

overpowered
January 14th, 2015, 10:11 AM
It does. Also, read each prompt carefully before clicking when using the Java installer (or any installer).

Random
January 14th, 2015, 10:13 AM
Doesn't ninite have the java updates sans goofy installer (and McAfee/Yahoo/etc garbage)?

Jacee
January 14th, 2015, 11:37 AM
ask.com is a search provider .... it comes 'bundled' with something you downloaded. Get rid of it!

You can update java by:
Download the latest version of Java Runtime Environment (JRE) 8 Update 25.
http://www.oracle.com/technetwork/java/javase/downloads/index.html
Scroll over to the right (JRE) download button. (not JRE server button)

Click the "Download" button to the right.
Check the box that says: "Accept License Agreement".
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-8u25-windows-i586-p.exe to install the newest version.

***** make sure any prechecked, bundleware is unchecked when installing the latest version.

LHutton
January 16th, 2015, 02:10 AM
It seems to be Java Updater that keeps prompting if I want to use Ask.

It's stuck in Web Data, which I can only open in notepad, do I get rid of the whole thing (Web Data)?

Jacee
January 16th, 2015, 07:00 AM
What's stuck in Web Data?

Jacee
January 16th, 2015, 11:38 AM
Click on the Control Panel, then right click on the Java Control Panel to open. Uncheck the box that says 'check for updates automatically'. Click apply and ok. Now, reboot.

Tell me if that worked.

LHutton
January 16th, 2015, 12:45 PM
What's stuck in Web Data?
Ask.com.

LHutton
January 16th, 2015, 12:51 PM
Click on the Control Panel, then right click on the Java Control Panel to open. Uncheck the box that says 'check for updates automatically'. Click apply and ok. Now, reboot.

Tell me if that worked.
Okay, done that. I hope this isn't a joke because I feel too serious.

Jacee
January 16th, 2015, 02:05 PM
I'm not joking... just trying to help!
Is Ask.com set as your Home page or preferred search provider?
Do you see it as an add-on in any of your browsers?

Please download TFC by Old Timer http://www.geekstogo.com/forum/TFC-Temp-File-Cleaner-OldTimer-file187.html and save it to your desktop. This is a good application to keep.

Save any unsaved work. TFC will close ALL open programs including your browser! (shortcuts on the desktop will disappear)
Double-click on TFC.exe to run it. If you are using Vista/Windows 7 right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.

Important! Manually reboot the machine to ensure a complete clean.

Next -

Please download Junkware Removal Tool (http://www.bleepingcomputer.com/download/junkware-removal-tool/) to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

LHutton
January 17th, 2015, 04:14 AM
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Home Premium x64
Ran by Admin on 17/01/2015 at 12:58:58.75
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\pcdr"
Successfully deleted: [Folder] "C:\Users\Admin\AppData\Roaming\pcdr"
Successfully deleted: [Folder] "C:\Users\Admin\appdata\local\pc_drivers_headquarters"
Successfully deleted: [Folder] "C:\Users\Admin\appdata\locallow\winzipbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\winzipbar"
Successfully deleted: [Empty Folder] C:\Users\Admin\appdata\local\{0034D4A4-BA17-48BE-BE1D-25B1551ABC9C}

It goes on with registry keys in the last location but it's too long to post.

Jacee
January 17th, 2015, 06:56 AM
How is your computer running now?
Were you able to install the latest Java?
Is Ask.com still showing as your search provider?

LHutton
January 17th, 2015, 11:08 AM
My computer is running fine. Ask.com was never my search provider, it was just stored in the background as an optional search provider. I have installed the latest version of Java and I again thank you for your help. Cheers Jacee!

Jacee
January 17th, 2015, 11:21 AM
Good going!

LHutton
January 18th, 2015, 07:34 AM
One last question. In Chrome Settings what is 'Person 1' and how come I've never noticed it before?

LHutton
January 18th, 2015, 12:18 PM
Is there a way of recovering/viewing deleted browsing history in Chrome with Windows 7 OS? I'd like to check on some of the sites the hijacker was diverting me to and see what's been going on. I deleted it but then decided I wanted to check it, shame I didn't do it the other way around.